You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(draft): AllocationManager redistribution support (#1346)
**Motivation:**
Add support for redistributing slashed funds to specified recipients
instead of burning them, while optimizing code size and improving test
coverage.
**Modifications:**
Added a new redistribution system that allows AVSs to specify recipients
for slashed funds. Code optimizations were made to reduce codesize,
including consolidating repeated logic and a small
`PermissionControllerMixin` refactor.
**Result:**
Slashed funds can now be redirected to specified recipients instead of
being burned, with improved code efficiency and test coverage.
feat: simplify removeDepositShares in StrategyManager (#1373)
**Motivation:**
the _removeDepositShares() returns a bool which is not of any meaning.
simplify removeDepositShares in StrategyManager by removing that
returned value
**Modifications:**
simplify _removeDepositShares() by removing returned extra bool
**Result:**
_removeDepositShares() is simplified and binary size is reduced
feat: add `SlashingWithdrawalRouter` (#1358)
**Motivation:**
We want to hold slashed funds in escrow temporarily to maintain protocol
security (prevent malicious actors from draining the contracts).
**Modifications:**
- Add `SlashingWithdrawalRouter`.
**Result:**
The `SlashingWithdrawalRouter` contract is added for managing slashed
funds in the EigenLayer protocol. It provides a mechanism to handle the
burning or redistribution of slashed shares after a delay period,
ensuring proper handling of slashed funds while maintaining protocol
security.
---------
Co-authored-by: Yash Patil <[email protected]>
test(redistribution): add unit tests (#1383)
**Motivation:**
We want to ensure `SlashingWithdrawalRouter` has appropriate unit test
coverage.
**Modifications:**
- Add more unit tests.
**Result:**
90% coverage.
refactor: remove `v` prefix from `SemVerMixin` (#1385)
**Motivation:**
Slashing was deployed with using a `v` prefix, thus we're simply going
to drop the prefix moving forward.
**Modifications:**
Prefix removed, and tests updated.
**Result:**
SemVerMixin no longer requires a `v` prefix.
feat: escrow funds in unique clone contracts (#1387)
**Motivation:**
Current implementation is broken by rebase tokens.
**Modifications:**
- Rename SWR -> `SlashEscrowFactory`.
- Add factory logic that deploys clones unique to their slash ID.
**Result:**
Funds will now be stored in clone contracts unique to their slash ID.
fix: review issues (#1391)
**Motivation:**
We want to resolve any review issues that arise.
**Modifications:**
- Use larger of strategy or global delay: @non-fungible-nelson
- Fix storage overrides noted from `Deprecated_OwnableUpgradeable`
@wadealexc
- Use `EnumerableSet` instead of `EnumerableSetUpgradaeable` since it
doesn't contain storage
- Add missing event in `initialize()`.
- Prevent `address(0)` during `createRedistributableOperatorSets` for
event sanitation.
- Improve check legibility @wadealexc
**Result:**
Current review concerns have been addressed.
fix: storage checker (#1394)
**Motivation:**
Storage checker didn't have ALM added. Also we needed to fix the
deprecated ownable mixing.
**Modifications:**
Fix mixing to inherit from `ContextUpgradeable`. Add ALM to
storage-diff.json.
**Result:**
Correct storage checks.
---------
Co-authored-by: Yash Patil <[email protected]>
chore: use internal getters; update `isOperatorRedistributable` (#1401)
**Motivation:**
We want to use internal getters wherever possible for style.
**Modifications:**
- Use `getRedistributionRecipient` in `isOperatorRedistributable`
- Update `isOperatorRedistributable` to get all allocated/registered
sets and then check if slashable and redistributable set for each
- More comprehensive unit tests
**Result:**
Cleaner code + tests passing
chore: rename burnable -> burnOrRedistributable; fix storage gap; remove poc code (#1397)
**Motivation:**
Burn shares naming is confusing, since shares are burnOrRedistributable
**Modifications:**
- For the new withdrawal path, call it `burnOrRedistributable`, so
`burnOrRedistributableSharesIncreased` or
`burnOrRedistributableSharesDecreased`
- Bring back `burnableSharesDecreased` event for the legacy burn path
- Rename `_operatorSetBurnableShares` to `_burnOrRedistributableShares`
- Fix the storage gap, since `_burnOrRedistributableShares` is a mapping
pointing to an enumerable map, not an enumerable map
- Remove POC withdrawal queue code from the DM
**Result:**
Cleaner Redistribution code
chore: remove dm/alm code size optimizations (#1398)
**Motivation:**
We have several code size optimizations in the DM/ALM. These are not
needed anymore with the ownable deprecation. We can add in future
upgrade if we want.
**Modifications:**
Remove all internal `_check` and modifiers.
Make `slashOperatorShares` in the DM return to the original
non-arrayified method.
**Result:**
Smaller code diff for redistribution.
test: full coverage `SlashEscrowFactory` + `SlashEscrow` (#1403)
**Motivation:**
We want to ensure we have full coverage unit tests for
`SlashEscrowFactory` and `SlashEscrow` in preparation for audits.
**Modifications:**
- Adds checks for all view methods.
**Result:**
Brings coverage up to 100% for all branches/fns/etc.
chore: decrease dm diff further (#1404)
**Motivation:**
We want to minimize the diff between slashing.
**Modifications:**
Revert calldata/memory types in DM.
**Result:**
Smaller diff
fix: enumerable map overwrite (#1399)
**Motivation:**
Currently, there's a bug in the `SM` where if you loop through the
burnable shares queue, you may not clear all due to swap and pop of an
Enumerable Map. Furthermore, we also are constrained by a token transfer
taking too much gas and blocking transfer out of funds.
**Modifications:**
- Iterate backwards on `decreaseBurnOrRedistributableShares `
- Overloaded `decreaseBurnableShares` with a version to pass in an
index. This function will escrow a single share (called by above too).
Now, we do not need a max strategy per opSet requirement
- Unit tests for both `increaseBurnOrRedistributableShares` and
`decreaseBurnOrRedistributableShares`
- Added the following introspection:
-- `getBurnOrRedistributableShares(operatorSet, slashId) returns
(Strategy[] Strats, uint256[] shares)
-- `getBurnOrRedistributableShares(operatorSet, slashId, strategy)
returns (shares)
-- `getBurnOrRedistributableCount(operaotrSet, slashed) returns (count)`
**Result:**
Correct code with unit tests
feat: simplify escrow delay; add convenience functions (#1406)
**Motivation:**
The escrow delay currently always you to complete escrows for a portion
of strategies if there exists a strategy with a larger delay. This makes
our codebase more complex. We also want to have a view function for
offchain cronjob that needs to be called only once.
**Modifications:**
- Update `releaseEscrow` to obey the maximum delay across all strategies
for a slash
- Add a `getBurnOrRedistributionDelay` view function
- Add a convenience view function `getPendingEscrows` for offchain burn
job. This returns all pending operatorSets, and their associated
redistribution status, slashIds, and completeBlocks
- Standardize `uint32` for delay everywhere
- Make `deploySlashEscrow` a public function
**Result:**
Simpler & correct code.
chore: update naming (#1408)
**Motivation:**
We use `burnOrRedistributable` everywhere. Let's just use escrow
instead. Much simpler.
**Modifications:**
`burnOrRedistributable -> escrow`.
**Result:**
Better readability.
---------
Co-authored-by: clandestine.eth <[email protected]>
fix: enumerable map ovewrite
chore: format
chore: address rebase issues
test: increase burnable shares
chore: add tests
feat: simplify escrow delay
chore: format
chore: clarify natspec
chore: fix typos
feat: add convenience view functions (#1407)
chore: remove commented code
chore: format
chore: format
chore: naming
docs: alm
docs: dm
docs: epm
docs: strateby ase
docs: sm
chore: interface
docs: sef
chore: fix test
chore: format
fix: fmt and build
chore: fix test
chore: format
chore: build
chore: update for clear
chore: format
chore: draft
chore: changelog
chore: ref elip-006
chore: org
chore: typo
chore: add links to changelog
chore: push
fix: compile
**Use this template to draft changelog and submit PR to review by the team**
4
-
5
3
## Release Manager
6
4
7
-
@0xClandestine
8
-
5
+
@0xClandestine@ypatil12
9
6
10
7
## Highlights
11
8
12
-
🚀 New Features – Highlight major new functionality
13
-
- ...
14
-
- ...
9
+
🚀 New features
15
10
16
-
⛔ Breaking Changes – Call out backward-incompatible changes.
17
-
- ...
18
-
- ...
11
+
- Redistribution is a feature that gives Service Builders a means to not just burn, but repurpose slashed funds.
12
+
- We introduce a new operatorSet creation mechanism: [`AllocationManager.createRedistributingOperatorSets`](../docs/core/AllocationManager.md#createredistributingoperatorsets), which allows slashed funds to be redistributed to a `RedistributionRecipient`. *Note: The redistribution recipient can be set only once and is immutable*.
13
+
-*All slashed funds will now be routed to individual `SlashEscrow` contracts.* The release of funds from escrow is gated by the `SlashEscrowFactory`. The `SlashEscrowFactory` deploys individual `SlashEscrow` contracts per slash, enforces a global delay for all escrowed funds, and handles pausing/unpausing of escrowed funds.
14
+
- The original `createOperatorSets` function still exists. This function creates operatorSets whose slashed funds will eventually be burned. There is no mechanism to convert an operatorSet to be redistributing.
15
+
- See [ELIP-006](https://github.com/eigenfoundation/ELIPs/blob/main/ELIPs/ELIP-006.md) for a full description.
19
16
20
-
📌 Deprecations – Mention features that are being phased out.
21
-
- ...
22
-
- ...
17
+
⛔ Breaking changes
18
+
- Funds marked for burning now go through a 4-day escrow period via `SlashEscrow` contracts. These funds are burned by calling [`SlashEscrowFactory.releaseSlashEscrow`](../docs/core/SlashEscrowFactory.md#releaseslashescrow).
- The pre-redistribution burn pathway [`StrategyManager.decreaseBurnableShares`](../docs/core/StrategyManager.md#burnshares) will be deprecated in an upgrade *after* the redistribution release. This function can still be used to burn shares that have been slashed at any point prior to the redistribution upgrade.
27
22
28
-
🔧 Improvements – Enhancements to existing features.
29
-
-...
30
-
-...
23
+
🛠️ Security Updates
24
+
-The slashing of burned funds is no longer instantaneous. All slashed funds (burned or redistributed) now go through a 4-day escrow delay. The eventual burning or redistribution of slashed funds can be paused by the `PauserMultisig`.
25
+
-The upgradability of the `SlashEscrowFactory` is controlled by the `CommunityMultisig`. The contract will have a separate `ProxyAdmin` from the rest of the EigenLayer core protocol. Each individual `SlashEscrow` contract is an immutable clone.
31
26
32
-
🐛 Bug Fixes – List resolved issues.
33
-
- ...
34
-
- ...
27
+
🔧 Improvements
28
+
- The [`AllocationManager.slashOperator`](../docs/core/AllocationManager.md#slashoperator) function now returns a `slashId` and array of `shares` to be burned/redistributed. **The function selector remains the same.**
29
+
- OperatorSets now have a `slashCount` field, which returns the number of slashes completed by the operatorSet. This value only reflects the number of slashes after the redistribution upgrade.
30
+
-`StrategyBase` returns an `amountOut` upon withdrawal to comply with standard ERC-4626 vaults.
31
+
- The `AllocationManager` and `DelegationManager` no longer use ownable. Thus, they now inherit the `Deprecated_OwnableUpgradeable` mixin in its place to reduce codesize.
35
32
33
+
🐛 Bug Fixes
34
+
-`SemVerMixin` is updated to only return the first character of `majorVersion`. We currently return `1.` and will return `1` after this upgrade.
36
35
37
-
## Changelog
38
-
39
-
Copy the one that's auto generated from github by default to here, and submit PR for review
Every `OperatorSet` corresponds to a single AVS, as indicated by the `avs` parameter. On creation, the AVS provides an `id` (unique to that AVS), as well as a list of `strategies` the `OperatorSet` includes. Together, the `avs` and `id` form the `key` that uniquely identifies a given `OperatorSet`. Operators can register to and deregister from operator sets. In combination with allocating slashable magnitude, operator set registration forms the basis of operator slashability (discussed further in [Allocations and Slashing](#allocations-and-slashing)).
174
+
Every `OperatorSet` corresponds to a single AVS, as indicated by the `avs` parameter. On creation, the AVS provides an `id` (unique to that AVS), as well as a list of `strategies` the `OperatorSet` includes. Together, the `avs` and `id` form the `key` that uniquely identifies a given `OperatorSet`. Operators can register to and deregister from operator sets. In combination with allocating slashable magnitude, operator set registration forms the basis of operator slashability (discussed further in [Allocations and Slashing](#allocations-and-slashing)). There are two types of operatorSets, redistributing and non-redistributing.
_Note: this method can be called directly by an AVS, or by a caller authorized by the AVS. See [`PermissionController.md`](../permissions/PermissionController.md) for details._
239
241
240
-
AVSs use this method to create new operator sets. An AVS can create as many operator sets as they desire, depending on their needs. Once created, operators can [allocate slashable stake to](#modifyallocations) and [register for](#registerforoperatorsets) these operator sets.
242
+
AVSs use this method to create new operator sets. An AVS can create as many operator sets as they desire, depending on their needs. Once created, operators can [allocate slashable stake to](#modifyallocations) and [register for](#registerforoperatorsets) these operator sets. The `redistributionRecipient` is the `DEFAULT_BURN_ADDRESS`, where slashed funds are sent.
241
243
242
244
On creation, the `avs` specifies an `operatorSetId` unique to the AVS. Together, the `avs` address and `operatorSetId` create a `key` that uniquely identifies this operator set throughout the `AllocationManager`.
243
245
@@ -254,6 +256,38 @@ Optionally, the `avs` can provide a list of `strategies`, specifying which strat
254
256
* AVS MUST have registered metadata via calling `updateAVSMetadataURI`
255
257
* For each `CreateSetParams` element:
256
258
* Each `params.operatorSetId` MUST NOT already exist in `_operatorSets[avs]`
259
+
260
+
#### `createRedistributingOperatorSets`
261
+
262
+
```solidity
263
+
/**
264
+
* @notice Allows an AVS to create new redistributing operator sets, defining strategies and the redistribution recipient the operator set uses
265
+
*/
266
+
function createRedistributingOperatorSets(
267
+
address avs,
268
+
CreateSetParams[] calldata params,
269
+
address[] calldata redistributionRecipients
270
+
)
271
+
external
272
+
checkCanCall(avs)
273
+
```
274
+
275
+
AVSs use this method to create new redistributing operatorSets. Unlike the previous function, slashed funds for this operatorSet are sent to a `redistributionRecipient`. This value is set only once, upon creation. Note that redistributing operatorSets may not have Native ETH, as the protocol does not support native eth redistribution. See [ELIP-006](https://github.com/eigenfoundation/ELIPs/blob/main/ELIPs/ELIP-006.md) for additional context.
276
+
277
+
*Effects*:
278
+
* For each `CreateSetParams` element:
279
+
* For each `params.strategies` element:
280
+
* Add `strategy` to `_operatorSetStrategies[operatorSetKey]`
281
+
* Emits `StrategyAddedToOperatorSet` event
282
+
* Sets the `redistributionRecipient` of the operatorSet
283
+
* Emits the `RedistributionAddressSet`
284
+
285
+
*Requirements*:
286
+
* Caller MUST be authorized, either as the AVS itself or an admin/appointee (see [`PermissionController.md`](../permissions/PermissionController.md))
287
+
* AVS MUST have registered metadata via calling `updateAVSMetadataURI`
288
+
* The `redistributionRecipient` MUST NOT be the 0 address
289
+
* For each `CreateSetParams` element:
290
+
* Each `params.operatorSetId` MUST NOT already exist in `_operatorSets[avs]`
257
291
258
292
#### `addStrategiesToOperatorSet`
259
293
@@ -287,6 +321,7 @@ This function allows an AVS to add slashable strategies to a given operator set.
287
321
* Caller MUST be authorized, either as the AVS itself or an admin/appointee (see [`PermissionController.md`](../permissions/PermissionController.md))
288
322
* The operator set MUST be registered for the AVS
289
323
* Each proposed strategy MUST NOT be registered for the operator set
324
+
* If the operatorSet is redistributing, the `BEACONCHAIN_ETH_STRAT` may not be added, since redistribution is not supported for native eth
290
325
291
326
#### `removeStrategiesFromOperatorSet`
292
327
@@ -717,6 +752,9 @@ struct SlashingParams {
717
752
* - wadsToSlash: Array of proportions to slash from each strategy (must be between 0 and 1e18).
718
753
* - description: Description of why the operator was slashed.
719
754
*
755
+
* @return slashId The ID of the slash.
756
+
* @return shares The amount of shares that were slashed for each strategy.
757
+
*
720
758
* @dev For each strategy:
721
759
* 1. Reduces the operator's current allocation magnitude by wadToSlash proportion.
722
760
* 2. Reduces the strategy's max and encumbered magnitudes proportionally.
@@ -734,6 +772,7 @@ function slashOperator(
734
772
external
735
773
onlyWhenNotPaused(PAUSED_OPERATOR_SLASHING)
736
774
checkCanCall(avs)
775
+
returns (uint256, uint256[] memory)
737
776
```
738
777
739
778
_Note: this method can be called directly by an AVS, or by a caller authorized by the AVS. See [`PermissionController.md`](../permissions/PermissionController.md) for details._
@@ -748,7 +787,7 @@ There are two edge cases to note for this method:
748
787
1. In the process of slashing an `operator` for a given `strategy`, if the `Allocation` being slashed has a `currentMagnitude` of 0, the call will NOT revert. Instead, the `strategy` is skipped and slashing continues with the next `strategy` listed. This is to prevent an edge case where slashing occurs on or around a deallocation's `effectBlock` -- if the call reverted, the entire slash would fail. Skipping allows any valid slashes to be processed without requiring resubmission.
749
788
2. If the `operator` has a pending, non-completable deallocation, the deallocation's `pendingDiff` is reduced proportional to the slash. This ensures that when the deallocation is completed, less `encumberedMagnitude` is freed.
750
789
751
-
Once slashing is processed for a strategy, [slashed stake is burned via the `DelegationManager`](https://github.com/eigenfoundation/ELIPs/blob/main/ELIPs/ELIP-002.md#burning-of-slashed-funds).
790
+
Once slashing is processed for a strategy, [slashed stake is burned or redistributed via the `DelegationManager`](https://github.com/eigenfoundation/ELIPs/blob/main/ELIPs/ELIP-002.md#burning-of-slashed-funds).
752
791
753
792
*Effects*:
754
793
* Given an `operator` and `operatorSet`, then for each `params.strategies` element and its corresponding `allocation`:
@@ -765,6 +804,8 @@ Once slashing is processed for a strategy, [slashed stake is burned via the `Del
765
804
* If this list now has a length of 0, remove `operatorSetKey` from `allocatedSets[operator]`
0 commit comments